Keycloak authentication flow requirements

When you define an execution in Keycloak, you can set its Requirement type to one of four values:

• Required
  • A Required execution must succeed otherwise the flow fails (i.e., you must call context.success()).
  • Keycloak always runs required executions.
• Alternative
  • An Alternative step is optional in that it doesn’t have to succeed for the flow to proceed. As long as another alternative step at the same level succeeds, the flow can proceed.
  • For example, if you have multiple Alternative executions at the same level, at least one of them must execute successfully for the flow to succeed. A successful execution is when you call context.success() or context.attempted().
  • So if you have two Alternative flows and the first Alternative execution succeeds, then the second one may not be run by Keycloak. If the first one fails, Keycloak will try the second one. If all alternative steps fail, the flow fails.
• Conditional
  • TODO
• Disabled
  • Not active.